Elements of Network Security

Elements of Network Security
IntroductionThe primary objective of a network security system is to, in a cost effective manner, balance convenient access to legitimate users and inaccessibility to attackers. In a nutshell, the goal is to prevent connectivity to anyone intending to cause harm to the network. The harm to which this paper refers can come in the following forms: 1.Application-level security threats, such as e-mail viruses and attachments. 2.Threats to network infrastructure devices.

3.Theft of network connectivity services.
4.Unauthorized access from internal and external sources.
5.Denial of service attacks. Using a proper network security strategy reduces and, in some cases, even avoids the listed harmful attacks from occurring on a network (Gary, T., et al, Mar. 2002). This paper will discuss such a strategy used by the Los Angeles Department of Water and Power (LADWP), as well as the strategy's three primary elements: prevention, detection, and recovery. Prevention

Surprisingly, the most common threat to a company's information assets does not come from the sly and cunning computer hacker that is glamorized by Hollywood movies, but from human error, inappropriate disclosures, and sheer carelessness on the part of the company's employees. Hackers who do intentionally tamper with the company's network often do so because they are tempted by assets they know are poorly protected. Weak security policies present the image that a company does not truly value its assets, which in turn attracts the petty thief and curiosity seeker. Therefore, the preventive element of any network security system should include a strong and enforceable security policy for its employees to follow, re-enforced by a form of technical protection (Control Data, 1999). Firewalls, antivirus programs and packet filtering devices are used to protect access to the network at the LADWP. But these tools alone do not provide adequate system security  a policy for system users, as mentioned above, that is based on the identification and prioritization of threats and assumed threats helps to maintain the network's health. The key feature of the policy is an ongoing training program that teaches all users the importance and value of including safe system user practices in their daily routine. Users are more likely to follow security practices if they understand the purpose of the practice and the consequences when these practices aren't used. Added to the training is a physical and electrical restriction of access to sensitive information and areas to users who have no business purpose for using such access. To ensure that the preventive measures are functioning effectively, regular audits of the security policy are performed. Log-on IDs are checked to verify their validity, and the users' activities are monitored to determine if the policies are being followed. Detection

The next element of a network security system is system violation detection, or intrusion detection. This is an effort, should a system violator manage to breach the security of the network, to catch the violation before any real damage can be done to the network. The most common approach to intrusion detection is based on the belief that violations can be discovered by looking for abnormal system usage, or scanning the system in search for known attack patterns or virus indicators (Denning, D., 1986). The two approaches used by LADWP are automated intrusion detection, and network traffic and vulnerability monitoring. For automated intrusion detection, LADWP has deployed the Cisco Intrusion Detection System (IDS). This system has two major components  the sensors and the Director Platform. The sensor captures network packets, reassembles them, and compares these packets against known intrusion signatures. Should the sensor detect an attack,...

You May Also Find These Documents Helpful

...﻿
NetworkSecurity Strategy
(Student’s Name)
(Professor’s Name)
(Course Title)
(Date of Submission)
Introduction
As the director of information security for a medium sized organization with headquarters and 8 remote offices, I am charged with the task of developing a strategy that will ensure that the organization’s systems are never impacted by malwares either internally or externally. Although a 100% protection is almost impossible, the strategy should offer the maximum protection possible. This proposal therefore seeks to identify various security controls that should be implemented on the networksecurity infrastructure so as to mitigate both the internal and external security risks.
Denial of Service (DoS) Attack
A DOS attack performs just as the threat states - a denial of service, meaning the attack prevents normal access and use of network assets by authorized and valid users. This is any type of attack that attempts to make the affected computer resource unavailable to its users (Mirkovic, 2010). Once the attacker has gained access to the network, the attacker will sometimes use a diversion in order to randomize the focus of the Information Systems staff.
This allows the attacker to narrow and hone further attacks undetected. The attacker may send invalid data to applications or services causing unusual termination or...

...﻿SCENARIO 1
According to scenario 1, the followings are the threads and security measure to control it.
THREADS
SECURITY MEASURE
1.Fire outbreaks, begins just outside the data center.
The attack is an internal and active attack caused by a disgruntled employee or worker i.e an unhappy or a dissatisfied employee
I. Availability of fire department center
II. Implementation of well programmed sprinkler system
III. Building has been evacuated to prevent loss of lives
SUGGESTIONS
1.Figure out the worker by investigating and either dismiss him/her or by compensating him/her by treating him right or well.
2. This can also be controlled by enforcing the physical security of the company i.e by installing cctv camera in every hook and corner of the company this will monitor all the employees activities within the vicinity of the company; of which any employee that engages in such a destructive act can be fished out easily by replaying the record.
3. RFID can also be deployed to monitor the in and out of every employee.
2.Anthrax box was detected by an employee in the lobby
I. Evacuation of building has be done again to prevent loss of lives
II. Health department is on scene to investigate the issues and treat people
III. The sprinkler system has been implemented which caused the email and web server to stop working.
SUGGESTIONS
1. Employees and visitors should be properly screened and be checked thoroughly...

...This paper describes the basic threats to the networksecurity and the basic issues of interest for designing a secure network. it describes the important aspects of networksecurity. A secure network is one which is free of unauthorized entries and hackers
INTRODUCTION
Over the past few years, Internet-enabled business, or e-business, has drastically improved efficiency and revenue growth. E-business applications such as e-commerce, supply-chain management, and remote access allow companies to streamline processes, lower operating costs, and increase customer satisfaction. Such applications require mission-critical networks that accommodate voice, video, and data traffic, and these networks must be scalable to support increasing numbers of users and the need for greater
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
Why Networks Must Be Secured?
Attacks: -
Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity....

... NetworkSecurity
Imandi kheerthi Pandranki Divya Revathi
III/IV B.E. CSE III/IV B.E. CSE
Department Of Computer Science Engineering, Department Of Computer Science Engineering,
Dr. L. Bullayya College of Engineering For Women, Dr. L. Bullayya College of Engineering For Women,
Visakhapatnam. Visakhapatnam.
Email Id: Isukheerthi900@gmail.com Email Id: divyarevathi7p@gmail.com
Abstract:-
This paper is going to present an impact on networksecurity. In this present scenario, networksecurity plays an important role. Networksecurity is the process of preventing and detecting unauthorized use of your computer. This paper aims to clear the concept about networksecurity and how to protect (or) secure our messages by using a firewall and the types of networksecurities are available in the present scenario and also we have tried to point out the problems to computer and networks we have also reveals how to tackle this problems using method like...

...small/medium size businesses with higher security requirements (Cisco, Watchguard, Barracuda). Each Kudler Fine Foods location, regardless of its geographical location, would have hi-speed internet access that would keep it connected to the headquarters location. Each firewall would be configured to provide maximum security for each location as well as Virtual Private Network (VPN) connection between the location and the headquarters. Headquarters location would host Main POS Database Server which would be synchronized with all other POS database servers every fifteen to thirty minutes. All of the synchronization would take place via VPN that has 1024bit encryption. Each geographical location would be able to access necessary data and files at the headquarters location via VPN at any time. Depending on the network authentication and network policies, not every person would have access to the same data.
Since Kudler Fine Foods employs only two computer support specialists, we would recommend for the email to be hosted off site and be accessed either via Outlook Web Access (web-mail) or POP/SMPT/IMAP protocols with the Microsoft Outlook client. We also recommend that Email SPAM filtering be provided by the Email Host, but Kudler Fine Foods computer support staff should have access to email spam filters and manage them as they see fit best for the organization. We would also recommend for the Website...

...﻿Firewall:-
A firewall is a software program or a piece of information that help screen out hackers, virus, worms and Trojan horse that try to reach to your computer over the internet.
If you use a computer at home the most efficient and important step to help your computer to protect by turning on your firewall.
If you have a more than one computer connects in home. It is important to protect every computer. You should have a hardware firewall (such as router) to protect your network, but you should also use software firewall on each computer to prevent the spread of virus your network.
If your computer is a part of business, you should follow the policy established by network administrator.
How it works:-
When your firewall protection is turned on, everything that goes in and out of the network is monitored. The firewall monitors allows ‘good data’ in and block ‘bad data’ from entering your network.
Firewall uses one or combination of the following method to control the traffic in and of the network:-
1) Packet filtering:-
The most basic form of firewall software uses pre-determined rules to create different filters. If an incoming packet of data (small chunk of data) is flagged by the filters, it is not allowed through. Packets that make it through the filters are sent to requesting system and all others are discarded.
2) Proxy services:-
A proxy service is an...

...NTC 360 - Network and Telecommunications Concepts
July 31, 2005
NetworkSecurity
In today's world, with so many ways to gain unauthorized access to someone's computer system, networksecurity is very important. Almost every company has been a victim of a virus attack, hackers, or some other form of unauthorized access to their network. In this paper, I will discuss various methods that those who want this access use and ways they can be prevented.
Many people feel that because they use passwords their files are secure and can't be hacked. They unknowingly leave their networks open to attack without protection thinking everything is fine. Hackers can easily get into password protected files once they have access to a computer system. One way to prevent this is to use a firewall. A firewall prevents unauthorized users from gaining access to a system by restricting access to the entire system, not just the files on the system. Firewalls prevent access to data by using symmetric or asymmetric encryption.
Symmetric encryption uses the same password to decrypt the data that it does to encrypt the data. This method allows users to be able to share the same password to gain access to the data and make any needed changes. Asymmetric encryption is different in that there are different passwords used to encrypt the data and decrypt the data. Asymmetric is...